I was recently exploring some of the latest reports and blogs from Accenture when I came upon a report titled, “Cryptography in a Post-Quantum World: Preparing intelligent enterprise now for a secure future.” In it, there were several items that gave me pause––statements about the rapid evolution of quantum computing that could have a serious impact on the future of data security.
I’ve written extensively on the subjects of data security and quantum computing, in blogs about the prescience of biometric authentication to explaining quantum computing and how it will affect the financial services industry. This report, however, had me thinking about the need for an increasingly pro-active response to the approaching threat of quantum computing on encrypted data.
In the digital era, data security is top of mind for many businesses and governments. To protect financial records, medical histories, military strategy, confidential information and more, organizations generally rely on approved and tested cryptographic algorithms.
While most encryption algorithms were designed to maintain a 20 year buffer before hacker technology could potentially compromise them, the evolution of quantum computing has outpaced the cryptographic standards. Many experts now believe that quantum computing could be a threat to encryption in just 10 to 15 years – but Accenture believes it could be as soon as 8 years.
While 8 years sounds like a long time, governments, industries and companies need to move quickly to activate comprehensive strategies, with upgraded infrastructure and quantum-ready security protocol to brace for this computing inflection point.
To better understand how the risk of quantum computing, we first need to understand how encryption works and how it is threatened by digital advancements.
WHY CRYPTOGRAPHY IS VULNERABLE TO QUANTUM COMPUTING
Today, cryptography is essential to everyday business functions and is especially prevalent in the communication methods on the Internet between users and web applications, such as online banking or payments.
The strength of all cryptography relies on a secret key length and the mathematical power of complex algorithms. Currently, there are no known mathematical shortcuts to these algorithms, meaning that every single possible combination must be tested to find the number that will unlock an algorithm and release the information––which even with hardware accelerators, could take hundreds of years.
In contrast, a quantum computer can reduce the time it takes to unlock the secret key by transforming the algorithms into theory problems that quantum computation can solve with ease, reducing the time it could conceivably take from hundreds of years to just days or weeks.
Granted, this threat is still in the future, but it is looming and the advent of quantum computing is a call to action for an industry-wide shift in how cryptography is done.
WHAT ORGANIZATIONS CAN DO IN THE SHORT AND LONGER-TERM
It will take several years to assess enterprise assets, develop quantum mitigation strategies and implement quantum-proof cryptographic services. This impending change will drive application, software and hardware vendors to incorporate quantum-safe solutions into their products—or risk losing their competitive advantage.
In the meantime, organizations can be pro-active by taking steps that add security functions to ensure their safety:
Short-term: Review security infrastructure to ensure it is sufficient for maintaining cryptographic services using traditional cryptographic methods, and migrate current cryptography to emerging quantum-resistant algorithms.
Longer-term. As quantum computing hardware becomes integrated into solutions, implement quantum cryptographic methods to reduce risk to business processes throughout the organization.
The report “Cryptography in a Post-Quantum World: Preparing intelligent enterprise now for a secure future,” outlines in more detail some of the technologies and encryption strategies businesses are using to prepare for this threat, but without a doubt, we have a complex task ahead in identifying, evaluating and prioritizing strategies to protect data from the threat of encryption breaches and compromises.
I encourage you to read through the report through the lens of your own organization’s security protocols. Those that make the right decisions soon will stand the best chance of staying safe in a post-quantum world.
For further reading and to understand the basics of quantum computing, I suggest reading the report, “Think Beyond Ones and Zeros.”